Advisories ยป MGASA-2015-0316

Updated x11-server packages fix security vulnerability

Publication date: 21 Aug 2015
Modification date: 21 Aug 2015
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-3164

Description

The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 starts the
server in non-authenticating mode, which allows local users to read from or
send information to arbitrary X11 clients via vectors involving a UNIX socket
(CVE-2015-3164).
                

References

SRPMS

5/core